I may have been misunderstood... here's what I'm trying to do: I'm writing an extension to the WSO2 G-Reg to expose some APIs for a project. These APIs uses the EmbeddedRegistry to provide clients with the ability to store/retrieve/etc. artifacts (project-specific - mostly XML files, but could be others) in the registry. The API also allows clients to "share" artifacts between multiple users (authenticated via a OAuth2 servlet filter working in conjunction with WSO2 IS). I've implemented the sharing capability as creating symlinks in a well-known registry path that I'm using to store "shared" artifacts. Here's an example layout of the registry:
/htrc/<username>/worksets/<someartifact>.xml This is the registry path used to store artifacts uploaded on behalf of a user. <username> represents a valid WSO2 IS (and G-Reg) registered user (G-Reg shares users with WSO2IS via LDAP). These artifacts need to have a custom media type (like: application/vnd.htrc-workset+xml) because I'd like to provide custom UI editors in the G-Reg management interface for resources with that media type. I didn't choose to create RXT files for these artifacts because I'm not interested in the SOAP-based APIs the G-Reg automatically provides for CRUD access to RXT artifacts, and I wanted to control where in the registry these artifacts are created. I plan on using the approach at [1] to provide the custom UI editing ability for our artifacts. For the artifact sharing capability, when a client asks that <someartifact>.xml be made "public", that translates into a symlink being created pointing to the true location of the artifact. The symlink is created in a public registry path, like so: /htrc/_PUBLIC_/worksets/<symlink_to_someartifact.xml> The permissions for /htrc/_PUBLIC_ and /htrc/<username> are appropriately set up to allow the symlink to be read, but disallow other users access to the /htrc/<username>. This is accomplished by the judicious use of roles. Now... I understand that a decision was made to not allow symlinks to be created to a governance registry artifact from outside the governance registry "home" folder structure. This is not what I'm trying to do. I believe that the regular expression I made reference to in my first post can be coupled with a check for the "target" of the symlink in question. If the "target" is pointing to a governance registry artifact (in /_system/governance/...) then yes, you can enforce the restriction... otherwise, I don't think it's necessary to prevent symlinks to non-governance artifacts from being created. Assuming I have a resource "A.xml" with media type "application/vnd.htrc-workset+xml" stored in the /htrc/boris/worksets/A.xml, I should be able to create a symlink to it from /htrc/_PUBLIC_/worksets/A.xml. Does this make sense? We definitely want to use symlinks because some of these artifacts could be large. Also the symlinks can have a different name than the original artifact, which is helpful. Sorry for the long post. Thanks for your help, Boris [1] http://docs.wso2.org/wiki/display/Governance411/Custom+UI+Sample -- View this message in context: http://wso2-oxygen-tank.10903.n7.nabble.com/G-Reg-symlink-creation-is-not-allowed-for-artifact-tp75736p75800.html Sent from the WSO2 Development mailing list archive at Nabble.com. _______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
